FDA – TechHealth Perspectiveshttps://www.techhealthperspectives.com
Insights on the Laws and Regulations Related to New Health TechnologiesMon, 04 Mar 2019 20:42:40 +0000en-UShourly1https://wordpress.org/?v=4.9.10OIG Evaluates Remote Patient Monitoring Arrangementhttps://www.techhealthperspectives.com/2019/03/04/oig-evaluates-remote-patient-monitoring-arrangement/
https://www.techhealthperspectives.com/2019/03/04/oig-evaluates-remote-patient-monitoring-arrangement/#respondMon, 04 Mar 2019 20:42:15 +0000https://www.techhealthperspectives.com/?p=1633The Office of Inspector General (“OIG”) for the Department of Health and Human Services recently issued an Advisory Opinion that provides insight into how the agency evaluates arrangements that deal with the integration of technology, medicine, and patient monitoring under the federal Anti-Kickback Statute (“AKS”). In Advisory Opinion No. 19-02, OIG evaluated whether a pharmaceutical manufacturer could temporarily loan a limited-functionality smartphone to financially needy patients enrolled in federal health care programs. OIG concluded that the proposed arrangement could violate federal health care fraud laws but OIG would not impose civil monetary penalties or administrative sanctions in light of … Continue ReadingContinue Reading…]]>The Office of Inspector General (“OIG”) for the Department of Health and Human Services recently issued an Advisory Opinion that provides insight into how the agency evaluates arrangements that deal with the integration of technology, medicine, and patient monitoring under the federal Anti-Kickback Statute (“AKS”). In Advisory Opinion No. 19-02, OIG evaluated whether a pharmaceutical manufacturer could temporarily loan a limited-functionality smartphone to financially needy patients enrolled in federal health care programs. OIG concluded that the proposed arrangement could violate federal health care fraud laws but OIG would not impose civil monetary penalties or administrative sanctions in light of the purpose of the arrangement and certain safeguards in place. This Advisory Opinion related to the promotion of remote patient monitoring and is useful to telehealth providers and other pharmaceutical manufacturers to evaluate how OIG might analyze similar arrangements.

The FDA recently approved a digital medicine version of the antipsychotic drug that, once ingested, gives off a signal detectable by a wearable sensor (a “Patch”) on a patient’s abdomen. The wearable tracks patient adherence to the medication regimen and transmits this data through an App on the patient’s smartphone.

Under the arrangement, in order to access and use the App, the pharmaceutical company would loan a smartphone to patients who have a prescription for the digital medicine drug, do not already have a smartphone, and have an annual income below a specific percentage of the Federal poverty level. The offer would not be advertised to patients and prescribers would not receive any financial benefit for prescribing the digital medicine drug or for helping patients participate in the program. The smartphone would come preloaded with the App and only have the ability to make domestic telephone calls but no other capabilities. Patients would have the loaner smartphone for no more than two 12-week periods.

OIG determined that because patients would receive something of value from receipt of the smartphone, the patients would receive a form of remuneration. Therefore, the OIG examined the arrangement under the Civil Monetary Penalties Law (“CMPL”). OIG determined that the arrangement would implicate the Beneficiary Inducement of the CMPL because the provision of the loaner smartphone may influence a patient to continue to receive care from the particular prescriber. Similarly, the patient may believe he or she must continue to use the specialty pharmacy to obtain the digital medicine drug if the patient uses the loaner smartphone.

However, OIG ultimately determined that the arrangement would satisfy the criteria under the CMPL’s Promote Access to Care Exception and not subject the pharmaceutical company to administrative sanctions under the AKS statute for the following reasons:

The loaner smartphone would improve a patient’s ability to both properly use and access the full scope of the benefits of the digital medicine drug.

Provision of the loaner smartphone to low-income patients would also pose a low risk of harm to the government, as it would be unlikely to interfere with clinical decision-making.

The arrangement is not likely to increase costs to federal health care programs or beneficiaries through overutilization or inappropriate utilization.

Patients would be unlikely to request the digital medicine drug for the sake of obtaining the loaner smartphone given that the program would not be advertised to patients.

The arrangement does not pose patient safety or quality-of-care concerns.

Provision of the loaner smartphone would not influence a person to select the digital medicine drug.

OIG also commented on what type of arrangement it would not give the same discretionary approval. If the smartphone had additional functionality, such as access to an internet browser or a camera, or the ability to add other apps, OIG would very likely conclude that the arrangement would not meet the Promote Access to Care Exception. OIG explained that additional smartphone capabilities are problematic because they would relieve patients from the need to purchase their own smartphones or pay for a smartphone contract.

In light of the safeguards in place, OIG concluded that the pharmaceutical company would not be subject to administrative sanctions under the CMPL and AKS in connection with the loaner smartphone program. Although this opinion is useful for other providers and suppliers that have or intend to have similar patient monitoring arrangements in place, the advisory opinion only applies to the particular arrangement.

Drug and device manufacturers that operate patient assistant programs and providers that provide care to patients enrolled in federal health care programs through digital devices must carefully scrutinize their own arrangement to ensure it does not violate federal health care fraud laws. However, this opinion provides insight into OIG’s rationale with respect to such telehealth arrangements. It is clear that a carefully structured arrangement that improves patient safety and quality of care and has safeguards in place to guard against fraud and abuse may be deemed permissible under the CMPL and AKS.

]]>https://www.techhealthperspectives.com/2019/03/04/oig-evaluates-remote-patient-monitoring-arrangement/feed/0Law Urging DEA to Promulgate Rules for “Special Registration” Likely This Summerhttps://www.techhealthperspectives.com/2018/06/18/law-urging-dea-to-promulgate-rules-for-special-registration-likely-this-summer/
https://www.techhealthperspectives.com/2018/06/18/law-urging-dea-to-promulgate-rules-for-special-registration-likely-this-summer/#respondMon, 18 Jun 2018 13:20:52 +0000https://www.techhealthperspectives.com/?p=1530At first blush, the passage of House Bill 5483, entitled the “Special Registration for Telemedicine Clarification Act of 2018” (the “Bill”), appears to address the issue concerning the lack of regulatory guidance regarding the “Special Registration” exception to the Ryan Haight Act of 2008; however, a deeper and more careful analysis reveals that the Bill may not be as effective as most health care practitioners may hope. The Bill, sponsored by Rep. Carter (R-Georgia), a pharmacist, Rep. Bustos (D-Illinois), and nine others, cleared the House on June 12, 2018 without objection. The Bill would require the federal Drug Enforcement … Continue ReadingContinue Reading…]]>At first blush, the passage of House Bill 5483, entitled the “Special Registration for Telemedicine Clarification Act of 2018” (the “Bill”), appears to address the issue concerning the lack of regulatory guidance regarding the “Special Registration” exception to the Ryan Haight Act of 2008; however, a deeper and more careful analysis reveals that the Bill may not be as effective as most health care practitioners may hope. The Bill, sponsored by Rep. Carter (R-Georgia), a pharmacist, Rep. Bustos (D-Illinois), and nine others, cleared the House on June 12, 2018 without objection. The Bill would require the federal Drug Enforcement Agency (“DEA”) to promulgate rules that would allow health care providers to apply for a “Special Registration” that would allow a provider to prescribe controlled substances via telehealth without first conducting an initial in-person examination of the patient. A transcript of the testimony in support of the Bill (“Transcript”) reveals enthusiasm by the sponsors of the Bill, as well as by Representatives Pallone (D-New Jersey) and Walden (R-Oregon), who called the Bill “a commonsense measure that cuts through the red tape to provide more treatment options to underserved communities through the use of telemedicine.” While Section 413 of the current version of S.B. 2680 would only give the DEA six months to promulgate such rules, the two bills are very similar and almost guarantee that a law will be signed in the coming months that will require DEA to promulgate rules that will finally create a Special Registration exception to the Ryan Haight Act. While the prospect of rules implementing the Special Registration may be exciting for many practitioners, it should be noted that the DEA has been obligated to create these regulations, and has ignored this obligation, for a decade.

Once enacted, the Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (the “Act”) effectively banned the prescription of controlled substances via telehealth without an in-person examination of the patient. While there are exceptions to the Act, these exceptions are very technical and do not apply to the majority of treatment settings for which a controlled substance could be prescribed by a treating physician to a patient in his or her home. When the Act was passed, Congress appeared to have the foresight to know that the Act was restrictive and that the Act should have some mechanism by which its prohibitions could be relaxed, because the Act also created 21 U.S.C. § 831(h)(2), which orders the Attorney General of the United States and the DEA to “promulgate regulations specifying the limited circumstances in which a special registration under this subsection may be issued and the procedures for obtaining such a special registration.” However, as we have previously discussed, the only related action the DEA has taken in the decade between the passage of the Act and today was, in 2016, to mark the creation of these rules a “Long-Term Action” that has not substantively been addressed. By suggesting that the DEA “understand[s] the need to implement this provision of law” Rep. Walden appears to be incognizant of the historical lack of the DEA’s movement to promulgate the Special Registration rules, despite the DEA having the authority to do so since the Act originally was passed in 2008. Mr. Walden also seems to advocate for the DEA, as he supports revising the Bill’s original 90-day deadline for the promulgation of rules to implement a one-year deadline on account of the DEA’s position it would be burdensome. As such, the question remains whether the DEA, who has avoided this exact obligation for nearly a decade, will at last take action within the year if the Bill becomes law.

Even if the DEA promulgates rules to create the Special Registration, there is no indication how broadly such rules will be written. In this regard, the transcript illustrates a fundamental difference in how Representatives Walden and Carter view the value of the DEA creating a Special Registration process and, importantly, what the scope of that Special Registration process should be from many psychiatrists and other practitioners. For example, Rep. Walden described the exception to the Act in narrow terms: “for emergency situations, like the lack of access to an in-person specialist” (a phrase also used by Rep. Carter). Mr. Carter stated as well that the original purpose of the Special Registration was for “legitimate emergency situations” as follows:

“The law included the ability for the Attorney General to issue a special registration to healthcare providers detailing in what circumstances they could prescribe controlled substances via telemedicine in legitimate emergency situations, such as a lack of access to an in-person specialist.”

Rep. Carter further stated that the Special Registration could serve as a tool to fight the opioid crisis “to connect patients with the substance use disorder treatment they need without jeopardizing important safeguards to prevent misuse or diversion,” but he did not speak of the Special Registration in broader terms. The statements by Reps. Walden and Carter mischaracterize the original language of the Act regarding the “Special Registration for Telemedicine,” which does not limit the Special Registration to emergency situations. Rather, the Act explicitly authorizes the Attorney General to issue the Special Registration to a practitioner who “demonstrates a legitimate need for the special registration” without defining the phrase “legitimate need”. As such, “legitimate need” could include “emergency situations” but also could be interpreted to include circumstances under which a physician is authorized to prescribe a controlled substance via telehealth as long as such prescription is in accordance with the substance’s label or the applicable standard of care for treatment of the illness for which the prescription was issued to treat,

If the DEA takes its cues from the recent House testimony supporting the Bill, the agency may decide the Special Registration should be limited to certain declarations of emergencies, such as the declaration of the opioid crisis as a Public Health Emergency. Such a narrow definition may be fruitful in the fight against opioid use disorder, but may ultimately fall short of expectations held by telehealth practitioners interested in providing services to patients via telehealth that involve prescribing controlled substances.

]]>https://www.techhealthperspectives.com/2018/06/18/law-urging-dea-to-promulgate-rules-for-special-registration-likely-this-summer/feed/0Contrary to Misconceptions, a Final Guidance is Not a Final Rulehttps://www.techhealthperspectives.com/2014/08/01/contrary-to-misconceptions-a-final-guidance-is-not-a-final-rule/
https://www.techhealthperspectives.com/2014/08/01/contrary-to-misconceptions-a-final-guidance-is-not-a-final-rule/#respondFri, 01 Aug 2014 17:38:17 +0000http://www.techhealthperspectives.com/?p=1032Earlier this week, a popular source of regulatory news published an article claiming FDA “finalized a new rule this week that prohibits manufacturers from using so-called “split-predicates”. However, it appears that the article may instead be referencing the Final Guidance for Industry and Food and Drug Administration Staff entitled “The 510(k) Program: Evaluating Substantial Equivalence in Premarket Notifications [510(k)]” that FDA published earlier this week. Unfortunately, as often occurs on the Internet, the post was disseminated by several other popular sources of regulatory news.

Continue Reading…]]>Earlier this week, a popular source of regulatory news published an article claiming FDA “finalized a new rule this week that prohibits manufacturers from using so-called “split-predicates”. However, it appears that the article may instead be referencing the Final Guidance for Industry and Food and Drug Administration Staff entitled “The 510(k) Program: Evaluating Substantial Equivalence in Premarket Notifications [510(k)]” that FDA published earlier this week. Unfortunately, as often occurs on the Internet, the post was disseminated by several other popular sources of regulatory news.

This confusion comes a little less than three months after four Senator’s sent a letter to FDA raising concerns about FDA draft guidance “becoming the default FDA policy and position.”

Guidances and final rules carry different legal weight. Final regulations are legislative rules that have the force of law. Whereas, guidances do not set new legal standards, impose legal requirements or have the force of law. Instead guidances are issued to help interpret or clarify an existing regulation.

FDA certainly understands this difference. As FDA notes, “FDA regulations are [] federal laws, [even though] they are not part of the [federal Food Drug & Cosmetic Act (FD&C Act)].” Whereas, “FDA guidance describes the agency’s current thinking on a regulatory issue [but guidance] is not legally binding on the public or FDA.”

FDA also emphasizes this latter point in many of its guidance documents by including the following disclaimer:

This guidance represents the Food and Drug Administration’s (FDA’s) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. You can use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations. If you want to discuss an alternative approach, contact the FDA staff responsible for implementing this guidance. If you cannot identify the appropriate FDA staff, call the appropriate number listed on the title page of this guidance.

Unfortunately, not everyone fully appreciates the difference between rules and guidance. The recent confusion suggests that there is a disconnect between FDA’s position on the difference between guidance and final rules and the understanding of at least some in industry. Therefore, as FDA reviews its current guidance development practice, it is important that FDA look for ways to ensure (draft or final) guidance is just that, guidance. For example,

FDA should make the guidance development process more efficient and so that there is a significant difference between the time it takes to publish a final guidance and the time it takes to implement a final rule;

If a manufacturer uses an alternative approach and provides reasonable support for taking such an approach, FDA should be required to provide a reasonably explanation as to why the alternative is insufficient;

FDA should include a process for quickly and efficiently incorporating alternative approaches into existing final guidance.

]]>https://www.techhealthperspectives.com/2014/08/01/contrary-to-misconceptions-a-final-guidance-is-not-a-final-rule/feed/0Privacy and Security Are Paramount When Designing Healthcare Appshttps://www.techhealthperspectives.com/2012/09/11/privacy-and-security-are-paramount-when-designing-healthcare-apps/
https://www.techhealthperspectives.com/2012/09/11/privacy-and-security-are-paramount-when-designing-healthcare-apps/#respondWed, 12 Sep 2012 01:36:12 +0000http://www.techhealthperspectives.com/?p=396Mobile application (“app”) development is the new boon for technology companies of all sizes, and the phrase “There’s an app for that” tells the story of just how much this market has grown and matured. Most of the early app development focused on low risk opportunities—those involving free or low-cost social media or gaming apps. While protecting privacy and security of personally-identifiable information is generally important, privacy and security concerns typically do not rank as high priorities in decision-making when developing these types of apps.

By contrast, some developers focused on creating apps that promote healthcare. Current estimates suggest that … Continue Reading

Continue Reading…]]>Mobile application (“app”) development is the new boon for technology companies of all sizes, and the phrase “There’s an app for that” tells the story of just how much this market has grown and matured. Most of the early app development focused on low risk opportunities—those involving free or low-cost social media or gaming apps. While protecting privacy and security of personally-identifiable information is generally important, privacy and security concerns typically do not rank as high priorities in decision-making when developing these types of apps.

By contrast, some developers focused on creating apps that promote healthcare. Current estimates suggest that about 13,000 healthcare apps exist today. Recent research suggests the healthcare app marketplace will be valued at nearly $12 billion by 2018. Due to the sensitive nature of health information, privacy and security have become important considerations throughout the lifecycle of the app from financing through end-user adoption. Yet, it is unclear to what extent technology companies have factored health-related privacy and security standards into their development and marketing plans. Just saying that you are a technology company, and not a healthcare company, does not insulate you from risk should you decide to work in the space between both sectors.

There are four main reasons why technology companies should evaluate whether a healthcare app adequately safeguards privacy and security of health information.

The healthcare sector currently constitutes approximately $2 trillion on spending in the United States. Even in the current down economy, healthcare entities continue to spend money to seek ways to improve efficiency through use of health information technologies. However, healthcare companies are acutely aware of the importance of privacy and security related to health information. Partnering with healthcare entities as their business associates to develop apps necessitates that technology companies take privacy and security just as seriously.

2. Technology companies must build trust with end users of apps to increase adoption.

Recent financial incentives, such as those offered by the federal government’s Innovations (i2) Initiative and private entities have drawn technology companies into the healthcare sector, but consumers are still concerned about the privacy and security of their information. For example, non-governmental organizations have recently published best practices to protect privacy recognizing that end users of health apps are acutely sensitive to the privacy and security of their health information. Even the Department of Health and Human Services (“HHS”), Office of the National Coordinator for Health Information Technology (“ONC”) in cooperation with the HHS Office of Civil Rights (“OCR”) have teamed up to launch a Privacy & Security Mobile Device project which aims to develop best practices to help developers better protect health information while using mobile devices. Thus, if a technology company seeks to obtain one of the many financial incentives, it should prioritize privacy and security issues as these are on top of mind for consumers.

3. Numerous government agencies have regulatory jurisdiction over health apps.

A consequence of creating health apps is that a developer may become subject to a great deal of scrutiny by government agencies including FDA, FCC, FTC, CMS, OCR and ONC. In addition to OCR, which typically enforces privacy and security rules, agencies that do not typically focus on privacy or security concerns have also exercised their authority to require certain safeguards. For example, CMS has required privacy and security compliance in its requirements to achieve meaningful use of an electronic health record. Further, the FDA has recently been authorized to issue regulations governing certain medical apps. We have yet to see what these rules say, but the FDA has already been criticized for failing to ensure adequate privacy and security safeguards exist before approving medical devices for the marketplace. As such, it is possible the FDA will also include privacy and security requirements in its rulemaking.

4. States laws are sometimes more aggressive than federal laws.

Some states have taken steps to expand the scope of privacy and security protections beyond what is required under federal standards. For example, Texas and California have certain requirements that go beyond federal privacy and security requirements. Thus, technology companies should assess whether the states in which they operate or sell their technologies have more stringent privacy and security standards.

In short, technology companies looking to be successful in the healthcare space should seriously consider building privacy and security into the app lifecycle as a way to increase trust with healthcare partners, increase trust with end users, and comply with applicable federal and state legal requirements and meet industry best practices.

Follow me on Twitter: @HealthITLawyers

]]>https://www.techhealthperspectives.com/2012/09/11/privacy-and-security-are-paramount-when-designing-healthcare-apps/feed/0FDA Approval Is Never Enoughhttps://www.techhealthperspectives.com/2012/08/24/fda-approval-is-never-enough/
https://www.techhealthperspectives.com/2012/08/24/fda-approval-is-never-enough/#respondFri, 24 Aug 2012 19:59:39 +0000http://www.techhealthperspectives.com/?p=336The following may surprise some: FDA approval or clearance is never enough. Not if manufacturers want a commercially successful product. There is no doubt that addressing FDA issues is critical. But without data to show effectiveness, payers will not reimburse a particular product or technology—and even the most promising product will languish in the market without the appropriate coverage and reimbursement.

The use of remote monitoring devices has increased significantly over the last few years. I think it is fair to say that many manufacturers of these devices worry far more about FDA clearance and approval issues than they do … Continue Reading

Continue Reading…]]>The following may surprise some: FDA approval or clearance is never enough. Not if manufacturers want a commercially successful product. There is no doubt that addressing FDA issues is critical. But without data to show effectiveness, payers will not reimburse a particular product or technology—and even the most promising product will languish in the market without the appropriate coverage and reimbursement.

The use of remote monitoring devices has increased significantly over the last few years. I think it is fair to say that many manufacturers of these devices worry far more about FDA clearance and approval issues than they do about coverage and reimbursement. And that is a critical mistake. Clearing FDA hurdles is surely an important step but without a sophisticated coverage and reimbursement strategy, a product has almost no chance of market success. So, why do many manufacturers and other stakeholders not prioritize coverage and reimbursement as part of product launch strategy? Part of the answer lies in the complex, often confusing rules and policies many payers (both public and private) have in place. For example, just to look at a few:

Differing reimbursement environment: reimbursement policies differ depending on the type of remote monitoring device in question. In other words, a reimbursement system that supports one monitoring device may not always provide an opportunity for another. Each device is usually evaluated by the type of data monitored, the frequency and duration of monitoring, how engaged a health care professional must be to obtain and interpret the data, etc.

Multiple codes: a particular remote monitoring device may require multiple codes. Different codes may be required to capture the technical and professional components associated with a particular device.

Limited reimbursement: Devices are reimbursed either through the technical component of a physician service (Medicare Physician Fee Schedule) or as a piece of durable medical equipment. How it is paid determines the amount of reimbursement.

Attended monitoring: The more a device includes attended monitoring (by a health care professional), the more complex the reimbursement policy is likely to be.

Another issue for stakeholders is that coverage and reimbursement for devices is the culmination of three separate but critical processes: a) coverage–the terms and conditions for payment; b) coding–the unique identifiers for diagnoses, procedures, devices & diagnostics, etc.; and c) payment–the reimbursement amounts paid by public and private payers. Each phase has its own unique and complex pathways, and although advocacy is a useful tool for each phase, knowing how to engage the relevant stakeholders for each process is more art than science. The final issue confronting stakeholders is that the time and resources spent trying to gain FDA approval or clearance often does not lead to the type of data payers often require to cover and reimburse new products—especially remote monitoring technologies.

So, given the importance of a sound reimbursement approach to the commercial survival of a remote monitoring device, here is a short list of some of the things that stakeholders should consider:

Assemble a team that includes lawyers, coding consultants, and health economists to develop and implement a reimbursement and commercialization strategy outside of FDA issues.

Ensure the clinical, commercial development, and reimbursement teams are collaborating to create a unified, coherent approach.

Examine the current reimbursement landscape.

Analyze similar devices in the same coding category.

Design clinical trials (wherever possible) to generate the type of data that can also be used to persuade payers regarding the effectiveness of a particular device.

Analyze the coding and coverage policies of major public and private payers.

Engage stakeholders (health professional societies, advocacy groups) early in the development process.

The main takeaway here is that remote monitoring device manufacturers need to incorporate a coverage/reimbursement strategy as early as they do an FDA strategy. Ultimately, the commercial success of a product depends on whether and how payers reimburse for a product just as much as it does on how well FDA issues have been addressed.